CVE-2025-57614
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-10
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meh.schizofreni | rust-ffmpeg | 0.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in rust-ffmpeg 0.3.0 occurs in the cached method, which takes four dimension parameters and casts them unchecked to a signed 32-bit integer. If these parameters are zero or exceed the maximum allowed value (i32::MAX), the cast results in invalid values that violate the underlying C function's requirements. This leads to undefined behavior such as buffer underflows, out-of-bounds memory access, crashes, or memory corruption. Essentially, improper input validation allows an attacker to trigger these unsafe conditions. [1]
How can this vulnerability impact me?
This vulnerability can cause denial of service by crashing the application or corrupting memory. In some cases, it may allow an attacker to execute arbitrary code due to the undefined behavior triggered by invalid input parameters. This compromises the stability and security of any system using the affected rust-ffmpeg version. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether rust-ffmpeg version 0.3.0 (after commit 5ac0527) is in use and whether the calling code passes dimension parameters to the cached method unchecked, specifically values that are zero or exceed i32::MAX. Detection involves auditing the source code, or observing runtime behavior for crashes or undefined behavior related to invalid dimension parameters. There are no specific network commands provided, but reviewing logs for crashes or memory corruption when processing media with rust-ffmpeg could indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating all dimension parameters passed to the cached method to ensure they are strictly greater than zero and less than or equal to i32::MAX before casting to c_int. If invalid values are detected, the program should panic with a clear error or return an error instead of proceeding. Additionally, updating rust-ffmpeg to a version that includes these validation fixes or applying patches that add these checks will prevent exploitation. Avoid processing inputs with zero or excessively large dimension parameters until patched. [1]
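The validation described above, sketched in Rust alongside the unchecked cast it replaces. This is an added example, not rust-ffmpeg's code or its patch; the function names, the parameter names (`src_w`, `src_h`, `dst_w`, `dst_h`) and the error type are assumptions, and the sample inputs are constructed.

```rust
use std::os::raw::c_int;

/// Why a dimension was rejected (hypothetical error type for this example).
#[derive(Debug, PartialEq)]
pub enum DimError {
    Zero(&'static str),
    TooLarge(&'static str, u32),
}

/// The unchecked pattern: `as` never fails, it reinterprets the bits,
/// so values above i32::MAX silently become negative.
pub fn unchecked(v: u32) -> c_int {
    v as c_int
}

/// Checked conversion: only 1..=i32::MAX is accepted.
pub fn checked(name: &'static str, v: u32) -> Result<c_int, DimError> {
    if v == 0 {
        Err(DimError::Zero(name))
    } else if v > c_int::MAX as u32 {
        Err(DimError::TooLarge(name, v))
    } else {
        Ok(v as c_int) // lossless: range was verified above
    }
}

/// Validate all four dimensions before any of them reaches the C side.
pub fn checked_dims(src_w: u32, src_h: u32, dst_w: u32, dst_h: u32)
    -> Result<[c_int; 4], DimError>
{
    Ok([
        checked("src_w", src_w)?,
        checked("src_h", src_h)?,
        checked("dst_w", dst_w)?,
        checked("dst_h", dst_h)?,
    ])
}

fn main() {
    // Constructed inputs: one valid, one zero, two above i32::MAX.
    let cases = [
        (1920, 1080, 1280, 720),
        (0, 1080, 1280, 720),
        (1920, 1080, u32::MAX, 720),
        (1920, 1080, 1280, 0x8000_0000),
    ];
    for (a, b, c, d) in cases {
        println!("{:?} -> unchecked dst = ({}, {}), checked = {:?}",
                 (a, b, c, d), unchecked(c), unchecked(d), checked_dims(a, b, c, d));
    }
}
```

Returning `Result` lets the caller reject a malformed media file without aborting the process; a wrapper that prefers the panic option can call `.expect()` on the result.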